This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2012年03月13日 00:40 by j1m, last changed 2022年04月11日 14:57 by admin. This issue is now closed.
| Messages (5) | |||
|---|---|---|---|
| msg155542 - (view) | Author: Jim Fulton (j1m) * (Python committer) | Date: 2012年03月13日 00:40 | |
Requiring md5s makes it hard to implement simple indexes with simple web servers, where simple indexes include flat directories of distributions. |
|||
| msg155544 - (view) | Author: Éric Araujo (eric.araujo) * (Python committer) | Date: 2012年03月13日 00:42 | |
I’m not sure that this report should not be merged with #14279, but Alexis will judge that. |
|||
| msg155906 - (view) | Author: Alexis Metaireau (alexis) * (Python triager) | Date: 2012年03月15日 16:33 | |
If no MD5 checksum is present on the crawled simple index, then we don't have to check them. This means we introduce a potential security hole here (md5 checksums were added for a reason). What could be done is to explicitely don't check them if asked so. For instance using a --no-checksum flag when running pysetup, or passing a no_checksum argument when using the crawler. Would that work for you? Éric, this is a different issue than the one you pointed out in the sence that one is for local files and the other is for remote indexes. (Of course, local files, will not need checksums as well). |
|||
| msg155925 - (view) | Author: Jim Fulton (j1m) * (Python committer) | Date: 2012年03月15日 18:17 | |
I just clarified that 14279 doesn't imply local files. I'd be fine with a warning about lack of checksums for downloads. |
|||
| msg155959 - (view) | Author: Alexis Metaireau (alexis) * (Python triager) | Date: 2012年03月15日 21:36 | |
Right, I'll go for this then. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:57:27 | admin | set | github: 58488 |
| 2014年03月13日 02:28:02 | eric.araujo | set | status: open -> closed resolution: out of date stage: resolved |
| 2012年03月15日 21:36:32 | alexis | set | messages: + msg155959 |
| 2012年03月15日 18:17:53 | j1m | set | messages: + msg155925 |
| 2012年03月15日 16:33:13 | alexis | set | messages: + msg155906 |
| 2012年03月13日 00:42:20 | eric.araujo | set | assignee: eric.araujo -> alexis title: simple indexes (in wrappers) should not require md5 hashes -> packaging.pypi should not require checksums messages: + msg155544 versions: + 3rd party, Python 3.3 |
| 2012年03月13日 00:40:34 | j1m | create | |